https://boehs.org/node/everything-i-know-about-the-xz-backdoor :

"I’ve now learned from another source that Cheong isn’t Mandarin, it’s Cantonese. This source theorizes that Cheong is a variant of the 張 surname, as “eong” matches Jyutping (a Cantonese romanisation standard) and “Cheung” is pretty common in Hong Kong as an official surname romanisation. A third source has alerted me that “Jia” is Mandarin (as Cantonese rarely uses J and especially not Ji). The Tan last name is possible in Mandarin, but is most common for the Hokkien Chinese dialect pronunciation of the character 陳 (Cantonese: Chan, Mandarin: Chen). It’s most likely our actor simply mashed plausible sounding Chinese names together."

@i_i or was that misdirection because they knew this type of theory would arise...

@Blomfilter exactly. Very hard to know. Usually 4D chess explanations are wrong just by virtue of their complexity. But we're looking at a long con, and reasonably likely a state actor. They had to choose a name anyway, it makes sense that they would have chosen one that aligned with whatever their goals were. It's not that weird IMHO for there to be some intentional misdirection there.

Someone said the commit times generally lined up with business hours in China, including consideration of public holidays. I suspect that is one more dimension of chess than an attacker is likely to have played, though, since that would require ongoing inconvenience and effort, whereas the name was a one-off choice. So assuming it's correct that the timestamps do uniquely point to someone working business hours in China, I think that's pretty good evidence for it being someone located in China, working as part of their day job.

@chrisjbillington I've only seen a timestamp analysis that points to the EET timezone: https://rheaeve.substack.com/p/xz-backdoor-times-damned-times-and

@LasseRasinen Very likely I misread or misunderstood then.